Docs: Add a Priority matching policy example using Namespaces (#27792)

* Policy priority NS example * Update website/content/docs/concepts/policies.mdx Modification after review Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com> --------- Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2025-11-02 03:27:54 +00:00 · 2024-07-19 18:21:16 +02:00
parent d6a588b8d2
commit 7d6986cc84
1 changed files with 5 additions and 0 deletions
--- a/website/content/docs/concepts/policies.mdx
+++ b/website/content/docs/concepts/policies.mdx
@@ -193,6 +193,11 @@ wildcard appears in the same place, both end in `*` and the latter has two wildc
 segments while the former has zero. So we end at rule (3), and give `"secret/+/+/foo/*"`
 _lower_ priority.

+Another example utilizing Vault [namespaces](/vault/docs/enterprise/namespaces), given [nested](/vault/tutorials/enterprise/namespace-structure) namespaces `ns1/ns2/ns3` and two paths, 
+`"secret/*"` and `"ns1/ns2/ns3/secret/apps/*"` where `secret` is a mountpoint in namespace `ns3`. The first path is
+defined in a policy inside/relative to namespace `ns3` while the second path is defined in a policy in the `root` namespace. 
+Both paths end in `*` but the first is shorter. So we end at rule (4), and give `"secret/*"` _lower_ priority.
+
 !> **Informational:**The glob character referred to in this documentation is the asterisk (`*`).
 It _is not a regular expression_ and is only supported **as the last character of the path**!